A small step to a Giant Leap

vSphere 6.0 - VMware Auto Deploy Configuration

If you have a large VMware environment with hundreds of ESXi hosts, deploying hosts can be a big challenge. VMware introduced the Auto Deploy feature for bulk ESXi deployment, and previously its configuration was a bit complex. The feature used to be a separate component; with vSphere 6.0 it comes as an inbuilt feature of vCenter, and you only need to activate it and start the service.

In this post I'm going to show how you can configure this feature on the vSphere 6.0 vCenter Server. I'm really sorry if this post is long, as I need to show you every single step that I followed in my deployment; that might be really helpful to a beginner and to those who are new to the Auto Deploy feature.

By default, hosts provisioned by Auto Deploy pull down the ESXi image each time the host boots. If the Auto Deploy server or the FTP server which is holding the ESXi image is down, the host will not boot using Auto Deploy. You will see a similar error and your host will reboot frequently.


First of all, you need to have a DHCP server in place in your environment; it should support PXE boot and be able to point to the TFTP boot server for your Auto Deploy ESXi server. In my case I'm using a Windows 2008 R2 Server as my DHCP server and the SolarWinds free TFTP server to stream the boot image.

VMware vExpert for the First time...

Yesterday, VMware announced the VMware vExperts for the year 2017. I'm glad my name is also there, and I'm really excited about this as it is the first time I have received this award.

VMware vExpert 2017

You can find all the VMware vExperts for 2017 here.

VMware vSphere 6 - vCenter Server Installation

I'm writing this article to show you the complete installation of vCenter Server 6. It's pretty straightforward, and I'm using a Windows-based server (2008 R2) to install my vCenter Server, which is my favorite. I have installed the Platform Service Controller on a different server and I'm pointing my vCenter Server to the installed PSC. You can find my previous PSC installation post here.

Check the vCenter Server system requirements for your deployment method in the vSphere 6 Documentation Center.

Note: If you are planning to use a Windows 2016 64-bit server, you can install only vCenter Server 6.5. Check the operating system compatibility here.

Once you set up the server for vCenter Server, mount your vCenter 6.x ISO, run the installer as usual and click "Install" to start the installation.

VMware vSphere 6 - ESXi Syslog and Network Dump collector configuration

You might already be aware of this and might be using it in your environment. But I thought it was a good time to write an article about VMware Syslog and Network Dump Collector configuration, as I'm doing some Auto Deploy configuration.

Setting up a Syslog collector and a Network Dump collector is a must when you are going to use the VMware Auto Deploy feature. Bulk ESXi configuration and deployment can be a headache when you have thousands of ESXi hosts to deal with in your daily operations.

As I mentioned earlier, a Syslog and Network Core Dump Collector is a must when you have auto-deployed hosts which do not have a local disk to store the system files. In a situation like that, the log files of these hosts are stored on a RAM disk, which means the log files are destroyed each time the host reboots. That can lead to a huge problem where you can't pin down issues such as PSOD incidents. As a precaution, you need to have a separate log collector for your ESXi hosts.

The Syslog and Dump Collector services are built into vSphere 6.x, whereas in vSphere 5.x you need to set them up separately. Here I'm using my vSphere 6.x environment, and I'm focusing on the ESXi host-level configuration that passes the log files to your remote log collector.

Setting up the Syslog Collector

Log in to your ESXi host with an SSH session and check the Syslog configuration with the command below

"esxcli system syslog config get" and check the remote host 
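
As an added example (not part of the original post), this Python sketch reads the text printed by "esxcli system syslog config get" and reports whether a host's logs would be lost at reboot, which is the RAM disk problem described above. The sample output is constructed and trimmed, and the function names and addresses are illustrative assumptions.

```python
import re

# Constructed, trimmed sample of `esxcli system syslog config get` output from
# a diskless Auto Deploy host; values are illustrative, not from a real system.
SAMPLE_STATELESS = """\
   Local Log Output: /scratch/log
   Local Log Output Is Configured: false
   Local Log Output Is Persistent: false
   Log To Unique Subdirectory: false
   Remote Host: <none>
"""
# Same host once collectors are set (documentation-range placeholder addresses).
SAMPLE_FORWARDING = SAMPLE_STATELESS.replace(
    "<none>", "udp://192.0.2.10:514,ssl://loghost.example.test:1514")

TARGET_RE = re.compile(r"(?:(udp|tcp|ssl)://)?([^:/\s]+)(?::(\d+))?")


def parse_syslog_config(text):
    """Turn the 'Key: value' lines into a dict, splitting on the first ': '."""
    config = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if sep:
            config[key] = value.strip()
    return config


def remote_targets(config):
    """Return (scheme, host, port) per Remote Host entry; unparsed entries are kept raw."""
    raw = config.get("Remote Host", "<none>")
    if raw in ("", "<none>"):
        return []
    targets = []
    for item in (part.strip() for part in raw.split(",")):
        m = TARGET_RE.fullmatch(item)
        port = int(m.group(3)) if m and m.group(3) else None
        targets.append((m.group(1), m.group(2), port) if m else (None, item, None))
    return targets


def audit(text):
    """List the reasons this host's logs would not survive a reboot."""
    config = parse_syslog_config(text)
    findings = []
    if not remote_targets(config):
        findings.append("no remote syslog host configured")
        if config.get("Local Log Output Is Persistent", "").lower() != "true":
            findings.append("local log output is not persistent (lost at reboot)")
    return findings
```

Run over output collected from each host, an empty list from audit() means a remote collector is configured.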


VMware vSphere 6 - Platform Service Controller Installation

In this article I'm focusing on the installation steps of the vSphere 6.0 Platform Service Controller, aka PSC, before I install the vCenter Server. It is a pretty straightforward installation, and you can easily deploy it and integrate it into your new vSphere 6.x environment. There are ways to maintain high availability of the PSCs; I'm planning to discuss them in a different post.

Basically, the PSC deals with identity management for vSphere users and applications. The services below are also installed with the PSC.
  • VMware Appliance Management Service (only in Appliance-based PSC)
  • VMware License Service
  • VMware Component Manager
  • VMware Identity Management Service
  • VMware HTTP Reverse Proxy
  • VMware Service Control Agent
  • VMware Security Token Service
  • VMware Common Logging Service
  • VMware Syslog Health Service
  • VMware Authentication Framework
  • VMware Certificate Service
  • VMware Directory Service
The VMware products and components below are supported with the PSC
  • VMware vCenter Server
  • VMware vCenter Inventory Services
  • VMware vSphere Web Client
  • VMware Log Browser
  • VMware NSX for vSphere
  • VMware Site Recovery Manager
  • VMware vCloud Air
  • VMware vCloud Director
  • VMware vRealize Automation Center
  • VMware vRealize Orchestrator
  • VMware vSphere Data Protection
  • VMware vShield Manager
You can deploy this as an appliance or on a Windows-based server, and it is compatible with both Windows-based and appliance-based vCenter Server.

Requirements when deploying the Appliance-based Platform Services Controller:
  • Processor - Intel or AMD x64 processor with two or more logical cores, each with a speed of 2 GHz
  • Memory - 2 GB
  • Disk storage - 30 GB
  • Network speed - 1 Gbps
Requirements when deploying the Windows-based Platform Services Controller:
  • Processor - Intel or AMD x64 processor with two or more logical cores, each with a speed of 2 GHz
  • Memory - 2 GB
  • Disk storage - 4 GB
  • Network speed - 1 Gbps
OK, let's jump into the installation straight away...

I'm using a Windows 2008 R2 server to install the PSC component. Mount your vSphere 6.x ISO and launch the installation. Select "vCenter Server for Windows" to start the installation.


VMware vSphere 6 - Enable Lockdown Mode in VMware ESXi 6.0

Maintaining a high-security environment for your infrastructure is a best practice in many ways. There are many ways in which you can restrict access to your infrastructure to avoid unexpected situations for your sensitive data.

Here, what I'm going to show is one of the common and best ways to restrict access to your VMware environment. It is called "VMware Lockdown Mode". There are two types of Lockdown Mode available in VMware so far.

  • Normal - The host is accessible only through the DCUI (Direct Console User Interface) or the VMware vCenter Server. If you lose access to your vCenter Server, you still have a chance to take the host out of "Lockdown Mode" with a privileged user account
  • Strict - You cannot access the DCUI in Strict mode, and you must use vCenter to access the host and remove the "Lockdown Mode". If you lose access to the vCenter Server while "Strict Lockdown Mode" is enabled, your host might become unavailable. The only option you have is to re-install ESXi from scratch
To enable "Lockdown Mode", right-click the host on which you want to enable lockdown mode and select "Settings" (I'm using the web console)


Go to the "Manage" tab and select "Security Profile"; there you will find the Lockdown Mode setting. Click "Edit" to change the setting


Then you will get the "Lockdown Mode" window and you can enable the Normal/Strict mode according to your requirement. I'm enabling the "Strict Mode" in my case. Click "OK" to accept the Warning message and enable the Strict Lockdown mode



Click "OK" and note the completed tasks in the "Recent Task" window 



Now you have enabled "Lockdown Mode"; try to access the host through the DCUI. The DCUI is stopped in "Strict Lockdown Mode". You can only use vCenter to turn off Strict Lockdown Mode


Adding Exception Users to Lockdown Mode

You can still provide access to your host for some user accounts while it is in Lockdown Mode, so that they can continue their work. This might be helpful for third-party applications or solutions that need to keep functioning while the host is in Lockdown Mode.

Once you get the Lockdown Mode window, select "Exception Users" and click the green "+" sign to add local users as lockdown mode exceptions


Add the local user to the "Exception Users" list and click "OK" to add the user




You can see the added users; click "OK" to complete the user addition


Use DCUI to disable the "Normal Lockdown Mode"

Let's say you are in "Normal Lockdown Mode": you can still use the DCUI to disable lockdown mode without vCenter. Again, if you are in "Strict Lockdown Mode" you are not able to do this.

I'm enabling the "Normal Lockdown Mode"

Log in to the DCUI with the root credentials and select "Configure Lockdown Mode"; you can see it as enabled. Hit "Enter" to change the mode


Use the "Space bar" to toggle the selection 



You can see it as Disabled once you change the Mode

 

Note: SSH and Shell are not affected by Lockdown Mode, and you need to disable/enable them manually

VMware Update Manager Configuration

Installation 

If you are maintaining a VMware environment, I believe this is nothing new and you may already be using VMware Update Manager, aka VUM, for your host upgrades and patch management. You need to have a separate server for this, and with vSphere 6.5 you get it as an inbuilt feature of your vSphere vCenter Appliance. If you are interested in reading more about this, you can read the VMware blog article here.

I thought it was a good idea to write this article as there are a few interns/freshers in my team and they are also interested in learning these host upgrade and patch management tasks. This article is based on VMware Update Manager 5.5.

First of all, as I mentioned earlier, you need to have a separate Windows-based server to install VUM, and there should be clear connectivity to your vCenter Server. Mount your VMware installation ISO on your VUM server and start the installation by clicking the "Install" button.


VMware vSphere Performance Data Query Limitation

A couple of applications are in place for resource utilization, operations handling, capacity review and some other tasks in my day-to-day activities. We came across a few issues after we upgraded our old vCenters to vSphere 5.5, and we were not able to get the performance data of my VMware clusters through the vSphere APIs.

After doing some research we found that there is a small parameter configuration to overcome this issue. Basically, my blog post is about VMware KB article 2107096. Here, I'm explaining the steps we followed to configure the parameter and fix my API issue.

This issue comes into play because vCenter limits the maximum number of performance metric database queries to a threshold of 64. The symptom of this issue was that when we queried the data it threw an error saying "Request processing is restricted by administrator". Let me show you how to fix this step by step; as I mentioned earlier, this follows VMware KB article 2107096.

Log in to the vCenter, select the vCenter Server and go to the "Manage" tab. Select "Advanced Settings". Add the parameter config.vpxd.stats.maxQueryMetrics and set the value to -1. If this is already added, you can see the parameter in the list.

Note: If you added the parameter incorrectly, you can remove the parameter from this file.


VMware 5.5 Enable guest Nested hypervisor - "Hardware_Virtualization Warning"

I came across this while I was building a test environment for my testing on a Dell R610 server. First of all, I did my own research before going and building the VMs straight away. I read tons of blog posts and found the recommendations below for nested virtualization.


  • Nested 32-bit VMs - Intel VT-x or AMD-V is required
  • Nested 64-bit VMs - Intel EPT or AMD RVI is required
Also, you need to verify that your hypervisor truly supports the nested hypervisor feature. To do that you might need to check this in the "Managed Object Browser", aka "MOB", on your hypervisor. You can read more about the "MOB" here

vCenter 5.0 to 5.5 Upgrade fails due to an expired SSL Certificate

We encountered this issue while we were in the middle of a vCenter 5.0 to 5.5 upgrade. Our initial plan was to upgrade the existing vCenter 5.0 as a 5.5 simple installation. This was an old setup and we didn't have any idea about the installation date and time of the vCenter Server; we ended up with this error and vCenter did not upgrade as we expected.